Password Security, How To Attain It
Here I will attempt to explain the anvanced concepts of reliable password security in a basic and straight-forward way. You might be reading this because you are either curious about how you might guess somebody's password for something, or are wondering how to keep people from guessing your passwords for something.
Fortunately, if you were wondering about keeping your passwords secure, then you at the right place, because nothing here will really help you guess other people's passwords, this article is intended merely for security purposes. Ok, here we go...
You all know why it is important to have a secure password for such things as your local computer log-on, maybe your computers at work, your online games, chat, and e-mail passwords. You wish to know how you may be sure your passwords are safe, and un-guessable, well, today's you're lucky day if you are reading this!
First of all, hacking online website passwords takes forever, only dictionary attacks are ever tried on websites in an attempt to guess somebodyís passwords, where every single word in the dictionary is tried, thatís only about 50,000-500,000, depending on how bad somebody wants to hack it. The programs people used to do that can guess about 0.3 passwords per second to an online site, if lucky, because of the connect time and response delays, so it can take days to run a dictionary attack, and most websites can stop someone from trying that many attempts in a row. All those websites are safe.
If you are worried about online password hacking to a website that has no openings, forget it, it doesnít happen. It takes way less time to packet sniff the victimís computer if all the data that passes thru the victimís internet passes into the attackerís computer, and most online passwords are not sent encrypted because few people can be packet sniffed. Home users cannot be packet sniffed unless they are dumb, and use some online proxy service that claims to give them faster internet access. Donít even sign up for those. Packet sniffing these days is totally preventable, as long as you know what you are doing.
Another way people can get your passwords is to infect you with a virus that logs your keystrokes, or checks your computers memory for you passwords and transmits them back to the attacker. Keeping a good antivirus program stops that. Go to www.grisoft.com for a free antivirus if youíre worried about that. Its easy to use, although there are better ones out there, most arenít free.
Another way is to actually prod into your computer by port scanning, the attacker finds a computers IP address, and tries to connect to any port it can on your computer, from there it can get in your system and do anything it wants. A firewall or antivirus stops that usually, but there are several online port scanner utilities that will tell you if youíre an easy target.
You can go to www.zonelabs.com to get a free firewall, or other places too, but their firewall is easy to use. Sign up free to www.dslreports.com and use their port scanner utility to see if youíre safe too if you want.
Windows XP's internet connection firewall is actually usually all the firewall you ever need because its more configurable than ZoneAlarm, is also free, and doesnít slow down your speed as much. Itís turned off by default, go turn it on and youíre safe from port scanning.
As for actual password security, if you donít use a word or easy to guess number or letter combination youíre fine, hereís why:
If you use a 16-letter password, youíre safe usually. There are about 96!/(16!*80!) = 662,252,084,388,541,200, or '662 million-billion' possible passwords that 16 characters, including all the letters, symbols, and numbers on a keyboard, including the ones you get using the 'Shift' key.
A keyboard contains 96 letters, numbers, and basic symbols, but threes even more advanced symbols but few people use them, so I wonít count them.
If you could guess 1 password per second, and only guess every possible password once ever, it would take you:
20,985,502,205 years, 46 days, 17 hours, 10 minutes, and 17.04 seconds to guess all passwords that are 16 characters long. Therefore, if you have a secure computer, good encryption, donít tell passwords to anybody, donít use common words, things that are easy to guess like birthdays, etc. and if youíre computer is secure, nobody can ever crack your password.
If you use just lowercase letters youíre still pretty safe too though, but not words, words wonít keep you from getting hacked.
Almost all of the combinations that exist as possibilities for passwords are NOT words. If you use a word password you can get it found out so fast. Nobody is going to guess that 16-letter password, so youíre safe if you use it.
But, most people either use words, or have passwords under 8 letters long. The more letters past 8 you use as a password is exponentially harder to find out.
Even less secure however, is when people use regular words as passwords. There are only about 500,000 words, slangs, names, and common letter passwords that exist, and people usually pick words like "password" or "computer" and those will be some of the first to be guessed. There are programs that can guess all of them in mere hours.
The moral of this story is not to use words as passwords.